Why Static exists
Community software should not require you to prove who you are.
Most platforms treat identity verification as a feature. We treat it as a liability. Static generates a key pair and a recovery phrase — that is your account. No email, no phone number, no government ID. You choose a display name, or you don't. Other people assign you a local label (a petname) that only they see. There is no global username registry, no identity provider, and no mechanism for Static to learn who you are in the physical world. We believe the right to communicate privately begins with the right to exist without credentials.
The people who run the servers should decide the rules.
Centralized platforms make the rules for everyone. When a company decides what speech is acceptable, what communities are allowed, or what content is too sensitive, billions of people are subject to a single policy written by a small team. Static is self-hostable. If you run a supernode, you set the rules for your community. You choose the moderation policy. You decide who joins and who is removed. The software gives you the tools — roles, permissions, moderation capabilities — but the decisions are yours. Different communities can have different standards, and that is by design.
Privacy is not a feature toggle — it must be the architecture.
Most platforms offer privacy as an opt-in setting buried in a menu. A toggle you enable after the damage is done. Static takes a different approach: encryption is the architecture, not a layer on top. Every message is end-to-end encrypted with MLS before it leaves your device. Every voice packet is encrypted with keys the relay server does not possess. The database on your device is encrypted at rest with SQLCipher. There is no "disable encryption" button because there is no unencrypted path. We designed the system so that privacy is not something you configure — it is something you cannot avoid.
Open source is not optional for trust.
You should not have to trust our claims. You should be able to verify them. Static is fully open source under AGPL-3.0 — the client, the server, the protocol, the cryptographic implementation. Every commit is public. Every design decision is documented. We publish reproducible builds so you can verify that the binary you download corresponds to the source code you can read. If we make a mistake, you will find it. If we ship something you disagree with, you can fork it. This is not a business strategy. It is a prerequisite for the kind of trust we are asking you to place in the system.
Built in the open
Static is developed in public on GitHub, with every commit visible from day one. The entire codebase — client, server, and protocol — is open source under AGPL-3.0.
We believe that the best way to build trust in privacy software is to remove every reason you would need to trust us. The code is readable. The decisions are documented. The cryptography is standard. If the project succeeds, it will be because the architecture is sound — not because we asked you to take our word for it.
How Static makes money
Static follows the same model as Rocket.Chat and Element (EMS): the software is free and open source, and we sell hosted infrastructure for people who don't want to run their own servers. Hosted supernodes start at $5/month.
Privacy features — E2EE, traffic padding, cover traffic, batch shuffling, ephemeral identities — are free at every tier, including self-hosted. You pay for the convenience of managed infrastructure, not for encryption. We have no monetization strategy that depends on your data, because we do not have access to your data.